JIMQ_46966
Nimbostratus
Aug 13, 2008
iRule - Destination Based Routing
Hello, I would like to use an iRule to block access from specific subnets. I was wondering what's the correct syntax for the "subnet" parameter. Can you use "/16" or "255.255.0.0"?
Thanks a bunch. - Jim
example 1
when CLIENT_ACCEPTED {
    if { [matchclass IP::local_addr] equals $::172.17.0.0/16] } {
        close
    }
}
or
example 2
when CLIENT_ACCEPTED {
    if { [matchclass IP::local_addr] equals $::172.17.0.0 255.255.0.0] } {
        close
    }
}
- Nicolas_Menant
Employee
when CLIENT_ACCEPTED {
    if { [IP::addr [IP::client_addr]/16 equals 172.17.0.0] } {
        reject
    }
}
- JIMQ_46966
Nimbostratus
Thanks for responding. I would like to clarify what I am trying to accomplish. I have to allow only certain networks to the following URL "friendsandfamily.condodirect.com". I have to block all others or send to static page indicating they are not allowed to hit this site.
- James_Quinby_46
Historic F5 Account
Why not turn it around? (I'm not in a place where I can test this atm...)
when HTTP_REQUEST {
    # Tcl needs whitespace between the condition's closing brace and the body's opening brace
    if { [IP::addr [IP::client_addr]/16 equals 172.22.0.0] and [HTTP::uri] contains "friends" } {
        pool friendsandfamily-condodirect-80
    } else {
        reject
    }
}
- JIMQ_46966
Nimbostratus
Correction on the pool name. It's actually "condodirect-80". From the outside world "INTERNET" everyone is allowed to hit "www.condodirect.com". I have to block the outside world to "friendsandfamily.condodirect.com". This site should only be accessible from internal networks. Hopefully this clarifies what I am trying to accomplish.
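An added example, not part of any post in this thread: one way to write the rule the last post describes, keyed on the Host header so that "www.condodirect.com" stays open while "friendsandfamily.condodirect.com" is served only to internal sources. The two internal ranges are assumptions taken from the subnets mentioned above, the use of pool "condodirect-80" for both hostnames is assumed, and the 403 page body is constructed.

```tcl
when HTTP_REQUEST {
    # The Host header can carry a port and mixed case; normalise before comparing.
    set host [string tolower [getfield [HTTP::host] ":" 1]]

    if { $host eq "friendsandfamily.condodirect.com" } {
        # Assumed internal ranges; replace with the real internal networks.
        set client [IP::client_addr]
        if { [IP::addr $client equals 172.17.0.0/16] or [IP::addr $client equals 172.22.0.0/16] } {
            pool condodirect-80
        } else {
            # Static "not allowed" page instead of a silent reset (constructed body).
            HTTP::respond 403 content "<html><body>This site is only available from internal networks.</body></html>" "Content-Type" "text/html"
        }
    } else {
        # Any other hostname on this virtual server (e.g. www.condodirect.com) is unrestricted.
        pool condodirect-80
    }
}
```

`IP::client_addr` is the source address as the BIG-IP sees it, so if internal clients reach the virtual server through a NAT or upstream proxy, the allowed ranges have to be the translated addresses.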